Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/ExI_XUjszL60Ie9A5TinBHd-jBM.roa
File:                     ExI_XUjszL60Ie9A5TinBHd-jBM.roa (raw, json)
Hash identifier:          Ih+JMM3ki467y9AI2VydiKfnBZRQqt/x3WLry7BgEoA=
Subject key identifier:   13:12:3F:5D:48:EC:CC:BE:B4:21:EF:40:E5:38:A7:04:77:7E:8C:13
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       0199C7F702B9783787A42393CDD72309D861
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/ExI_XUjszL60Ie9A5TinBHd-jBM.roa
Signing time:             Thu 09 Oct 2025 07:54:38 +0000
ROA not before:           Thu 09 Oct 2025 07:54:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        45.15.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:f7:02:b9:78:37:87:a4:23:93:cd:d7:23:09:d8:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Oct  9 07:54:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13123f5d48ecccbeb421ef40e538a704777e8c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:45:72:81:27:c9:c6:e5:80:84:12:ba:8e:6f:
                    57:7a:e3:dc:8e:5e:0d:cd:64:fd:a4:1d:52:b8:5a:
                    a2:1f:4e:05:94:08:84:82:d9:36:00:74:bc:58:dc:
                    cb:f4:3b:9f:aa:97:77:85:58:b4:ae:cb:79:44:f4:
                    93:12:a8:c9:71:42:be:0d:fa:cc:34:03:13:a9:45:
                    17:a9:c3:ed:f9:cf:bd:1c:5d:e4:33:53:e8:b7:32:
                    e5:fd:57:97:e4:e7:2e:16:53:2d:9e:37:16:03:cf:
                    e2:67:a2:0d:8d:65:7d:95:40:b4:ab:de:16:0b:e7:
                    61:90:4f:fc:a6:c0:6b:56:b4:23:22:1e:39:8a:d1:
                    83:69:dc:69:56:38:d9:d6:05:c9:92:68:12:66:3c:
                    7f:a0:32:2b:e1:e0:5f:67:51:99:92:d6:b9:5b:cf:
                    4f:99:32:65:b0:58:96:c4:23:4e:4c:52:04:5e:79:
                    35:4a:58:19:09:5d:f9:7b:b8:ea:fe:7b:e0:68:07:
                    94:c9:d1:bd:ce:95:23:f3:27:4f:9a:98:5c:f7:7a:
                    54:d4:28:23:76:be:7d:63:1f:b5:a3:04:27:b9:30:
                    7e:96:26:c6:f8:6d:71:d1:5c:c8:f3:72:a0:76:d7:
                    ce:c0:ed:58:21:29:de:da:0f:56:0a:b8:c3:c1:d9:
                    d2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:12:3F:5D:48:EC:CC:BE:B4:21:EF:40:E5:38:A7:04:77:7E:8C:13
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/ExI_XUjszL60Ie9A5TinBHd-jBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:c6:0c:1e:fe:30:05:88:35:79:84:21:58:a6:2e:46:64:71:
         dc:10:7d:aa:97:bb:13:5b:24:d3:10:4f:26:0b:07:cc:45:2b:
         61:36:63:55:31:89:d3:2d:2f:62:9b:70:7d:f2:28:1b:92:69:
         40:c9:49:6c:d4:ce:32:66:17:4f:c3:90:37:3c:90:e8:51:45:
         43:4a:89:bb:73:1b:78:62:3d:09:95:cd:06:d4:98:59:fc:69:
         fc:56:79:0b:5d:6e:b2:f7:38:a5:e8:90:a6:79:cc:d9:d3:0d:
         9d:f6:f6:e4:5e:65:30:1c:54:47:7b:84:12:0c:72:54:6b:fe:
         c8:93:f9:58:d4:3f:d7:2f:b7:b2:30:86:12:ee:b4:98:91:e0:
         96:b6:7b:95:ce:b7:d3:92:73:ed:88:84:1c:45:23:7b:ae:60:
         83:86:41:7e:e6:13:9e:f3:19:59:bd:19:4c:c5:8b:0e:48:52:
         5b:14:18:72:36:ea:c4:af:4e:3c:2b:54:25:4c:69:5f:e1:5b:
         9e:12:07:e1:b1:20:1b:33:58:c1:dc:d3:32:61:b8:20:d4:41:
         56:40:eb:91:aa:4a:57:5e:10:1d:e2:9b:e9:17:58:10:78:10:
         4f:a0:9d:81:82:02:40:bd:52:04:25:de:f0:9f:bd:97:67:9c:
         92:6f:ce:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnH9wK5eDeHpCOTzdcjCdhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjUxMDA5MDc1NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzEyM2Y1ZDQ4ZWNjY2JlYjQyMWVmNDBlNTM4YTcwNDc3N2U4YzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEVygSfJxuWAhBK6jm9XeuPcjl4N
zWT9pB1SuFqiH04FlAiEgtk2AHS8WNzL9Dufqpd3hVi0rst5RPSTEqjJcUK+DfrM
NAMTqUUXqcPt+c+9HF3kM1PotzLl/VeX5OcuFlMtnjcWA8/iZ6INjWV9lUC0q94W
C+dhkE/8psBrVrQjIh45itGDadxpVjjZ1gXJkmgSZjx/oDIr4eBfZ1GZkta5W89P
mTJlsFiWxCNOTFIEXnk1SlgZCV35e7jq/nvgaAeUydG9zpUj8ydPmphc93pU1Cgj
dr59Yx+1owQnuTB+libG+G1x0VzI83KgdtfOwO1YISne2g9WCrjDwdnS6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMSP11I7My+tCHvQOU4pwR3fowTMB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvRXhJX1hVanN6TDYwSWU5QTVUaW5CSGQtakJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ+cMA0G
CSqGSIb3DQEBCwUAA4IBAQC2xgwe/jAFiDV5hCFYpi5GZHHcEH2ql7sTWyTTEE8m
CwfMRSthNmNVMYnTLS9im3B98igbkmlAyUls1M4yZhdPw5A3PJDoUUVDSom7cxt4
Yj0Jlc0G1JhZ/Gn8VnkLXW6y9zil6JCmeczZ0w2d9vbkXmUwHFRHe4QSDHJUa/7I
k/lY1D/XL7eyMIYS7rSYkeCWtnuVzrfTknPtiIQcRSN7rmCDhkF+5hOe8xlZvRlM
xYsOSFJbFBhyNurEr048K1QlTGlf4VueEgfhsSAbM1jB3NMyYbgg1EFWQOuRqkpX
XhAd4pvpF1gQeBBPoJ2BggJAvVIEJd7wn72XZ5ySb87I
-----END CERTIFICATE-----